<?php
$loc ="login";
require_once('mysql_connect.php');

if(isset($_POST['submit'])){
	$password = escape_data($_POST['password']);
	$login = strtolower(escape_data($_POST['email']));
	$query = "SELECT * FROM users WHERE email='" . $login . "' AND (password=PASSWORD('" . $password . "') OR password=OLD_PASSWORD('" . $password . "')) LIMIT 1";
// Disable the above line by using //  and enable the bellow line by deleting // if you are using MySQL 4.0.x
//	$query = "SELECT * FROM users WHERE email='" . $login . "' AND password=PASSWORD('" . $password . "') LIMIT 1";
	$result = mysql_query($query);
	if(mysql_num_rows($result) > 0){
		$row = mysql_fetch_array($result);
		$_SESSION['userid'] = $row['id'];
		$_SESSION['email'] = $row['email'];
		$_SESSION['admin'] = $row['admin'];
		$_SESSION['phone'] = $row['phone'];
		header("Location:bytitle.php");
		exit();
	}else{
		$mes = "I'm sorry but the email or password you used is not correct.";
	}
}
include('top.php');
?>
<TABLE><TR><TD>
<?php
if(isset($mes)){
echo "<FONT FACE=\"Verdana\" size=-1 color=\"red\">";
echo $mes;
echo "</FONT><BR>";
}
?>
<FORM ACTION="login.php" method="post"><FONT FACE="Verdana" size=-1>email: </FONT><INPUT TYPE="text" name="email" id="email">
<BR><FONT FACE="Verdana" size=-1>password: <INPUT TYPE="password" name="password" id="password"><BR><INPUT TYPE="submit" name="submit" id="submit" value="login"></FONT></FORM>
<BR>
<?php
if ($accountreg==1){
?>
<A HREF="register.php"><FONT FACE="Verdana" color="000000" size=-1>register</FONT></A><FONT FACE="Verdana" color="000000" size=-1> | </FONT>
<?php
}
?>

<A HREF="lostpass.php"><FONT FACE="Verdana" color="000000" size=-1>lost password</FONT></A>
</TD></TR></TABLE>

<?php
include('bot.php');
?>